This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T23:33:38+00:00 www.secnews.physaphae.fr Mandiant - Blog Sécu de Mandiant Résumé exécutif GoogleThreat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.  Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. Scope  This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation. aside_block Key Takeaways Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged ]]> 2025-04-29T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8669387 False Malware,Tool,Vulnerability,Threat,Patching,Mobile,Prediction,Cloud,Commercial APT 37 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-18T12:22:31+00:00 https://community.riskiq.com/article/2560112c www.secnews.physaphae.fr/article.php?IdArticle=8613484 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 41,APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Researchers at Group-IB have ide]]> 2024-11-15T15:40:32+00:00 https://community.riskiq.com/article/7c6b391d www.secnews.physaphae.fr/article.php?IdArticle=8611812 False Malware,Threat,Prediction APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T12:25:16+00:00 https://community.riskiq.com/article/d6da7f0d www.secnews.physaphae.fr/article.php?IdArticle=8605948 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical APT 41,APT 28,APT 31,Guam 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-28T11:27:40+00:00 https://community.riskiq.com/article/fa5a55d5 www.secnews.physaphae.fr/article.php?IdArticle=8602805 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 38,Guam 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial New research by Trend Micro disclosed that the Iranian cyber espionage group Earth Simnavaz, also known as APT34... ]]> 2024-10-15T15:49:31+00:00 https://industrialcyber.co/ransomware/trend-micro-reveals-earth-simnavaz-apt-targets-gulf-organizations-using-microsoft-exchange-server-backdoor/ www.secnews.physaphae.fr/article.php?IdArticle=8598242 False Prediction APT 34 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Targeted Geolocations - United Arab Emirates ## Snapshot Researchers at Trend Micro have identif]]> 2024-10-11T21:41:42+00:00 https://community.riskiq.com/article/bc0f3dd1 www.secnews.physaphae.fr/article.php?IdArticle=8596273 False Malware,Tool,Vulnerability,Threat,Prediction APT 34 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-07T16:54:11+00:00 https://community.riskiq.com/article/33015049 www.secnews.physaphae.fr/article.php?IdArticle=8593765 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 37,APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-16T11:20:34+00:00 https://community.riskiq.com/article/f4ae836f www.secnews.physaphae.fr/article.php?IdArticle=8577706 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Prediction,Cloud APT 34 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-09T11:04:46+00:00 https://community.riskiq.com/article/563312a4 www.secnews.physaphae.fr/article.php?IdArticle=8573205 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Commercial APT 38,APT 29 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-04T18:51:15+00:00 https://community.riskiq.com/article/22951902 www.secnews.physaphae.fr/article.php?IdArticle=8569939 False Malware,Tool,Threat,Prediction APT 34 2.0000000000000000 Dark Reading - Informationweek Branch Charming Kitten goes retro and consolidates its backdoor into a tighter package, abandoning the malware framework trend.]]> 2024-08-20T09:00:00+00:00 https://www.darkreading.com/threat-intelligence/irgc-linked-hackers-package-modular-malware-into-monolithic-trojan www.secnews.physaphae.fr/article.php?IdArticle=8561183 False Malware,Prediction APT 35 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group\'s trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex]]> 2024-07-01T18:30:00+00:00 https://thehackernews.com/2024/07/caprarat-spyware-disguised-as-popular.html www.secnews.physaphae.fr/article.php?IdArticle=8529204 False Threat,Mobile,Prediction APT 36 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers. Building networks of compromised devices allows ORB network administrators to easily grow the size of their ORB network with little effort and create a constantly evolving mesh network that can be used to conceal espionage operations.  By using these mesh networks to conduct espionage operations, actors can disguise external traffic between command and control (C2) infrastructure and victim environments including vulnerable edge devices that are being exploited via zero-day vulnerabilities.  These networks often use both rented VPS nodes in combination with malware designed to target routers so they can grow the number of devices capable of relaying traffic within compromised networks.  Mandiant assesses with moderate confidence that this is an effort to raise the cost of defending an enterprise\'s network and shift the advantage toward espionage operators by evading detection and complicating attribution. Mandiant believes that if network defenders can shift the current enterprise defense paradigm away from treating adversary infrastructure like indicators of compromise (IOCs) and instead toward tracking ORB networks like evolving entities akin to APT groups, enterprises can contend with the rising challenge of ORB networks in the threat landscape. IOC Extinction and the Rise of ORB Networks The cybersecurity industry has reported on the APT practice of ORB network usage in the past as well as on the functional implementation of these networks. Less discussed are the implications of broad ORB network usage by a multitude of China-nexus espionage actors, which has become more common over recent years. The following are three key points and paradigm shifting implications about ORB networks that require enterprise network defenders to adapt the way they think about China-nexus espionage actors: ORB networks undermine the idea of “Actor-Controlled Infrastructure”: ORB networks are infrastructure networks administered by independent entities, contractors, or administrators within the People\'s Republic of China (PRC). They are not controlled by a single APT actor. ORB networks create a network interface, administer a network of compromised nodes, and contract access to those networks to multiple APT actors that will use the ORB networks to carry out their own distinct espionage and reconnaissance. These networks are not controlled by APT actors using them, but rather are temporarily used by these APT actors often to deploy custom tooling more conventionally attributable to known China-nexus adversaries. ORB network infrastructure has a short lifesp]]> 2024-05-22T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8504765 False Malware,Tool,Vulnerability,Threat,Prediction,Cloud,Commercial APT 15,APT 5,APT 31 3.0000000000000000 Kovrr - cyber risk management platform 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 39,APT 39,APT 17 3.0000000000000000 AhnLab - Korean Security Firm août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT

---

August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups ]]> 2023-10-23T02:22:16+00:00 https://asec.ahnlab.com/en/57930/ www.secnews.physaphae.fr/article.php?IdArticle=8399124 False Threat,Prediction APT 38,APT 38,APT 37,APT 29,APT 31 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy]]> 2023-09-30T14:51:00+00:00 https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8389819 False Malware,Prediction APT 34 3.0000000000000000 AhnLab - Korean Security Firm juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT

---

July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups ]]> 2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 29,APT 29,APT 28,APT 28,APT 31 2.0000000000000000 AhnLab - Korean Security Firm Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT

---

APT Group Trends – June 2023  1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups ]]> 2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 32,APT 32,APT 28,APT 28,APT 15,APT 15,APT 25 2.0000000000000000 AhnLab - Korean Security Firm Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609

---

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]> 2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 41,APT 38,APT 37,APT 37,APT 29,APT 29,APT 28,APT 28,APT 36,APT 36,Guam,Guam,APT-C-17,APT-C-17,GoldenJackal,GoldenJackal,APT-C-36 3.0000000000000000 Anomali - Firm Blog Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées. Cyber News et Intelligence des menaces Réaction en chaîne: Rokrat & rsquo; s.Lien manquant (Publié: 1er mai 2023) Depuis 2022, le groupe parrainé par le Nord-Korea APT37 (Group123, Ricochet Chollima) a principalement changé ses méthodes de livraison de Maldocs pour cacher des charges utiles à l'intérieur des fichiers LNK surdimensionnés.Vérifier les chercheurs a identifié plusieurs chaînes d'infection utilisées par le groupe de juillet 2022 à avril 2023. Celles-ci ont été utilisées pour livrer l'un des outils personnalisés de l'APT37 (Goldbackdoor et Rokrat), ou le malware de marchandises Amadey.Tous les leurres étudiés semblent cibler des personnes coréennes avec des sujets liés à la Corée du Sud. Commentaire de l'analyste: Le passage aux chaînes d'infection basées sur LNK permet à APT37 de l'interaction utilisateur moins requise car la chaîne peut être déclenchée par un simple double clic.Le groupe continue l'utilisation de Rokrat bien triés qui reste un outil furtif avec ses couches supplémentaires de cryptage, le cloud C2 et l'exécution en mémoire.Les indicateurs associés à cette campagne sont disponibles dans la plate-forme Anomali et il est conseillé aux clients de les bloquerleur infrastructure. mitre att & amp; ck: [mitre att & amp; ck] t1059.001: Powershell | [mitre att & amp; ck] t1055 - injection de processus | [mitre att & amp; ck] t1027 - fichiers ou informations obscurcis | [mitre att & amp; ck] t1105 - transfert d'outils d'entrée | [mitre att & amp; ck] t1204.002 - Exécution des utilisateurs: fichier malveillant | [mitre att & amp; ck] t1059.005 - commande et script interprète: visuel basique | [mitre att & amp; ck] t1140 - désobfuscate / décode ou informations | [mitre att & amp; ck] T1218.011 - Exécution par proxy binaire signée: Rundll32 Tags: malware: Rokrat, mitre-software-id: s0240, malware-Type: Rat, acteur: Groupe123, mitre-groupe: APT37, acteur: Ricochet Chollima, Country source: Corée du Nord, Country source: KP, Cible-Country: Corée du Sud, Cible-Country: KR, Type de fichier: Zip, déposer-Type: Doc, Fichier-Type: ISO, Fichier-Type: LNK, File-Type: Bat, File-Type: EXE, Fichier-Type: VBS, malware: Amadey,MALWARE: Goldbackdoor, Type de logiciels malveillants: porte dérobée, abusée: Pcloud, abusé: Cloud Yandex, abusé: OneDrive, abusé: & # 8203; & # 8203; Processeur de mots Hangul, abusé: themida, système cible: Windows ]]> 2023-05-01T23:16:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt37-adopts-lnk-files-charming-kitten-uses-bellaciao-implant-dropper-vipersoftx-infostealer-unique-byte-remapping-encryption www.secnews.physaphae.fr/article.php?IdArticle=8332656 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud APT 37,APT 37,APT 35 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #09  |   February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac]]> 2023-02-28T14:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-09-eye-opener-should-you-click-on-unsubscribe www.secnews.physaphae.fr/article.php?IdArticle=8314155 False Malware,Hack,Tool,Vulnerability,Threat,Guideline,Prediction APT 38,ChatGPT 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-02-03T17:42:00+00:00 https://thehackernews.com/2023/02/iranian-oilrig-hackers-using-new.html www.secnews.physaphae.fr/article.php?IdArticle=8306848 False Prediction APT 34 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-02-03T15:06:57+00:00 https://informationsecuritybuzz.com/oilrig-hackers-exfiltrate-data-govt-agencies-using-new-backdoors/ www.secnews.physaphae.fr/article.php?IdArticle=8306870 False Prediction APT 34 3.0000000000000000 Dark Reading - Informationweek Branch 2022-09-09T16:48:02+00:00 https://www.darkreading.com/vulnerabilities-threats/us-sanctions-iran-apt-cyberattack-activity www.secnews.physaphae.fr/article.php?IdArticle=6807446 False Prediction APT 39 None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to the Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium) associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate comparing year to year. They achieve it by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills with the cloud environment targeting. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%). Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back to gaining access to and harvesting intelligence. The scale and growing effectiveness of the cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions. MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto]]> 2021-10-12T17:41:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-aerospace-and-telecoms-targeted-by-iranian-malkamak-group-cozy-bear-refocuses-on-cyberespionage-wicked-panda-is-traced-by-malleable-c2-profiles-and-more www.secnews.physaphae.fr/article.php?IdArticle=3505382 False Ransomware,Malware,Tool,Threat,Guideline,Prediction APT 41,APT 41,APT 39,APT 29,APT 29,APT 28 None Security Through Education - Security Through Education 2021-05-10T06:00:29+00:00 https://www.social-engineer.org/podcast/ep-145-baking-a-human-behavior-cake-with-jack-schafer/?utm_source=rss&utm_medium=rss&utm_campaign=ep-145-baking-a-human-behavior-cake-with-jack-schafer www.secnews.physaphae.fr/article.php?IdArticle=2759817 False Prediction APT 39 None ZD Net - Magazine Info 2020-09-17T23:41:21+00:00 https://www.zdnet.com/article/us-sanctions-iranian-government-front-company-hiding-major-hacking-operations/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1923902 False Prediction APT 39 None Dark Reading - Informationweek Branch 2020-09-17T17:10:00+00:00 https://www.darkreading.com/vulnerabilities---threats/iranian-hackers-indicted-for-stealing-aerospace-and-satellite-tracking-data/d/d-id/1338950?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1923785 False Malware,Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2020-07-24T13:00:18+00:00 https://blog.checkpoint.com/2020/07/24/check-point-cloudguard-connect-protects-microsoft-azure-branch-office-internet-connections-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1823010 False Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2020-07-17T10:00:58+00:00 https://blog.checkpoint.com/2020/07/17/check-point-iot-protect-uses-automation-and-threat-intelligence-to-prevent-the-most-advanced-iot-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1809424 False Threat,Prediction APT 39 None Security Affairs - Blog Secu 2020-05-21T11:49:49+00:00 https://securityaffairs.co/wordpress/103556/apt/chafer-apt-kuwait-saudi-arabia.html?utm_source=rss&utm_medium=rss&utm_campaign=chafer-apt-kuwait-saudi-arabia www.secnews.physaphae.fr/article.php?IdArticle=1722957 False Prediction APT 39 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-05-21T01:11:42+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/2m27rfRz1GU/iran-hackers-kuwait.html www.secnews.physaphae.fr/article.php?IdArticle=1722583 False Threat,Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2020-05-20T13:00:40+00:00 https://blog.checkpoint.com/2020/05/20/check-point-and-citrix-securing-the-sd-wan-edge-with-multi-layered-security/ www.secnews.physaphae.fr/article.php?IdArticle=1720622 False Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2019-12-06T13:00:09+00:00 https://blog.checkpoint.com/2019/12/06/protect-your-network-edge-with-vmware-sd-wan-and-check-point-security/ www.secnews.physaphae.fr/article.php?IdArticle=1493486 False Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2019-11-05T19:13:49+00:00 https://blog.checkpoint.com/2019/11/05/check-point-protects-branch-office-microsoft-azure-internet-connections-and-saas-applications-from-cyber-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1447715 False Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2019-10-01T15:00:44+00:00 https://blog.checkpoint.com/2019/10/01/check-point-and-vmware-partner-to-secure-branch-office-sd-wan-connections-to-the-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=1373689 False Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2019-09-05T13:00:43+00:00 https://blog.checkpoint.com/2019/09/05/transforming-branch-security-with-top-rated-threat-prevention-cloud-services-integrated-with-vmware-and-silver-peak-sd-wan/ www.secnews.physaphae.fr/article.php?IdArticle=1324402 True Prediction APT 39 None Checkpoint - Fabricant Materiel Securite 2019-09-05T13:00:04+00:00 https://blog.checkpoint.com/2019/09/05/transforming-branch-security-with-top-rated-threat-prevention-cloud-services-integrated-with-vmware-and-silver-peak-sd-wan/ www.secnews.physaphae.fr/article.php?IdArticle=1307543 False Threat,Prediction APT 39 None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC A Beginner's Guide to Test Automation | Sticky Minds All roads lead to exploratory testing When I’m faced with something to test – be it a feature in a software application or a collection of features in a release, my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy. All roads lead to exploratory testing | Womentesters While on the topic of testing Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan Single-page, server-side, static… say what? An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps. If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA). But what do all of these words mean? How does each type of application architecture differ? What are the tradeoffs of each approach and which one should you use when building your website? Single-Page, Server-Side, Static… say what? | Marie Chatfield If, like me you enjoyed this post by Marie, check out some of her other posts which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to. Strengthen your security posture: start with a cybersecurity framework The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million. Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months. It is mor]]> 2019-04-12T13:00:00+00:00 https://feeds.feedblitz.com/~/600760182/0/alienvault-blogs~Things-I-hearted-this-week-th-April www.secnews.physaphae.fr/article.php?IdArticle=1093204 False Guideline,Prediction Equifax,APT 39 None Checkpoint - Fabricant Materiel Securite 2019-04-11T13:00:03+00:00 http://blog.checkpoint.com/2019/04/11/protect-your-business-by-managing-network-security-from-the-palm-of-your-hand/ www.secnews.physaphae.fr/article.php?IdArticle=1094014 False Data Breach,Prediction APT 39 None Security Affairs - Blog Secu 2019-03-05T21:23:03+00:00 https://securityaffairs.co/wordpress/82004/breaking-news/chafer-apt-python-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=1055754 False Malware,Prediction APT 39 None SecurityWeek - Security News 2019-03-05T15:30:05+00:00 https://www.securityweek.com/iran-linked-hackers-use-python-based-backdoor-recent-attacks www.secnews.physaphae.fr/article.php?IdArticle=1055433 False Threat,Prediction APT 39 None Security Affairs - Blog Secu 2019-01-30T08:58:00+00:00 https://securityaffairs.co/wordpress/80450/apt/iran-apt39-cyberespionage.html www.secnews.physaphae.fr/article.php?IdArticle=1014677 False Prediction APT 39 None Data Security Breach - Site de news Francais Chafer : un groupe de cyber attaquants basé en Iran est apparu en premier sur Data Security Breach. ]]> 2018-03-08T21:11:01+00:00 https://www.datasecuritybreach.fr/chafer-pirate-iran/ www.secnews.physaphae.fr/article.php?IdArticle=501522 False Prediction APT 39 None SecurityWeek - Security News 2018-03-01T19:06:00+00:00 http://feedproxy.google.com/~r/Securityweek/~3/w2BE-2JMstA/iran-linked-chafer-group-expands-toolset-targets-list www.secnews.physaphae.fr/article.php?IdArticle=494010 False Prediction APT 39 None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/529622610/0/thesecurityledger -->»]]> 2018-03-01T15:32:02+00:00 https://feeds.feedblitz.com/~/529622610/0/thesecurityledger~Iran-Taps-Chafer-APT-Group-amid-Civil-Aviation-Crisis/ www.secnews.physaphae.fr/article.php?IdArticle=494091 False Prediction APT 39 None